Edward Snowden goes further. The former NSA contractor says that it is a web user's duty to protect their computer by blocking potential attack vectors such as Flash and JavaScript-riddled advertisements.

In an interview with The Intercept, Snowden reveals what he believes everyone should be doing to keep themselves safe online. He recommends using encrypted communication app Signal, and to encrypt the contents of hard drives. A password manager should be used to create 'unbreakable' passwords, and two-factor authentication should be used whenever it is available.

On the subject of ad blockers, Snowden says:

Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser -- you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response.

Unsurprisingly, Snowden is an advocate of Tor, saying that he uses it "all the time" but does add "that's not to say that Tor is bulletproof". He recommends using HTTPS Everywhere to reduce the risk of web traffic interception. While pushing everyone to take ownership of their privacy, Snowden warns against taking it too far:

You can go to any depth, you can drive yourself crazy thinking about bugs in the walls and cameras in the ceiling. Or you can think about what are the most realistic threats in your current situation? And on that basis take some activity to mitigate the most realistic threats. In that case, for most people, that’s going to be very simple things. That’s going to be using a safe browser. That’s going to be disabling scripts and active content, ideally using a virtual machine or some other form of sandboxed browser, where if there’s a compromise it’s not persistent.